CVE-2026-3971

HighPublic PoC

Published: 12 March 2026

Published

12 March 2026

Modified

02 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 29.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-3971 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda I3 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents stack-based buffer overflow by validating and sanitizing the manipulated index/GO argument in the formwrlSSIDset function.

SI-16 Memory Protection good match

prevent

Implements memory protections such as stack canaries and non-executable stack to block arbitrary code execution from the buffer overflow.

SI-2 Flaw Remediation good match

preventrecover

Requires timely flaw remediation through vendor patches or workarounds to eliminate the buffer overflow vulnerability in the Tenda i3 firmware.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Remote stack-based buffer overflow in public-facing web form handler (/goform/wifiSSIDset) on network device directly enables T1190 (Exploit Public-Facing Application) for initial access/RCE; low-privileged web access to full code execution maps to T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The…

exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2026-3971 is a stack-based buffer overflow vulnerability in the formwrlSSIDset function within the /goform/wifiSSIDset file of Tenda i3 firmware version 1.0.0.6(2204). The flaw is triggered by manipulation of the index/GO argument and is classified under CWE-119, CWE-121, and CWE-787. It was published on 2026-03-12 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A low-privileged remote attacker can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution via the buffer overflow.

VulDB advisories document the issue under identifiers like ctiid.350406 and id.350406, confirming remote exploitability. Proof-of-concept exploits are publicly disclosed on GitHub repositories, including demonstrations of buffer overflows targeting the formwrlSSIDset and index components, indicating they may be actively used.

The exploit disclosure heightens risk for unpatched Tenda i3 devices, as no vendor patches are referenced in available sources.

Details

CWE(s): CWE-119 CWE-121 CWE-787

Affected Products

tenda

i3 firmware

1.0.0.6\(2204\)

CVEs Like This One

CVE-2026-3970Same product: Tenda I3

CVE-2026-3804Same product: Tenda I3

CVE-2026-3799Same product: Tenda I3

CVE-2026-3801Same product: Tenda I3

CVE-2026-3803Same product: Tenda I3

CVE-2026-3802Same product: Tenda I3

CVE-2026-5841Same product: Tenda I3

CVE-2026-3974Same vendor: Tenda

CVE-2026-4042Same vendor: Tenda

CVE-2026-4008Same vendor: Tenda

References

https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formwrlSSIDset-go-buffer-overflow
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formwrlSSIDset-index-buffer-overflow
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.350406
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.350406
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.768996
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.768997
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com